User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0 Build ID: 20151029151421 Steps to reproduce: I entered support.mozilla.org and tried few xss vectors on search bar such as <script>alert(1)</script> And when i entered my fav. payload which is this: '"><svg/onload=confirm(document.domain)> I gave this alert: http://prntscr.com/92sold Actual results: It gaves me alert : support.mozilla.org Expected results: I expected the have this alert and i had it. Here is reflected xss alert on support.mozilla.org
It's in the progress of being fixed now. Thank you for reporting it!
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1223970
These bugs are all resolved, so I'm removing the security flag from them.
You need to log in before you can comment on or make changes to this bug.